GoPhish as a service over SSL on Ubuntu

Recently I needed to setup a GoPhish instance which needed to run as a service and also present its landing page via a fully qualified domain name over SSL. I coouldn’t find a succinct gide which had all the steps which worked so I have compiled this post for others who may need to set up the same configuration.

Below is a list of steps which can help you achieve this on Ubuntu which I collated from these sources:

I have also added a few specific steps which I needed to create to get the GoPhish service to start once I had installed it.

Installing GoPhish

Step 1: Install Unzip.

This is needed to unzip the GoPhish installation files once you have downloaded them

sudo apt install unzip

Step 2: Download GoPhish.

At the time of writing the current version was 0.5.0.

wget https://github.com/gophish/gophish/releases/download/v0.5.0/gophish-v0.5.0-linux-64bit.zip

Step 3: Create a gophish folder under the /opt directory.

sudo mkdir /opt/gophish

Step 4: Unzip the GoPhish files to your newly created gophish directory.

sudo unzip gophish-v0.5.0-linux-64bit.zip -d /opt/gophish

Step 5: Configure the listen address to allow remote access to the admin console.

sudo sed -i ‘s!127.0.0.1!0.0.0.0!g’ /opt/gophish/config.json

Step 6: Test. Test that GoPhish starts and that you can access the admin console etc.

cd /opt/gophish
sudo ./gophish
Open a browser and navigate to https://<IP of GoPhish Server>:3333

HIt CTRL + C to end your GoPhish session

Creating and configuring the GoPhish service

Now that we have a basic GoPhish install up and running we can configure so that it runs as a service. The script can be found here: https://github.com/gophish/gophish/issues/586 which is described in the GoPhish installation guide.

Step 1: Create the gophish service file and copy in the script.

sudo nano /etc/init.d/gophish

Script:

#!/bin/bash
# /etc/init.d/gophish
# initialization file for stop/start of gophish application server
# description: stops/starts gophish application server
# processname:gophish
# config:/opt/gophish/config.json

# define script variables

processName=Gophish
process=gophish
appDirectory=/opt/gophish
logfile=/var/log/gophish/gophish.log
errfile=/var/log/gophish/gophish.error

start() {
echo ‘Starting ‘${processName}’…’
cd ${appDirectory}
nohup ./$process >>$logfile 2>>$errfile &
sleep 1
}

stop() {
echo ‘Stopping ‘${processName}’…’
pid=$(/usr/sbin/pidof ${process})
kill ${pid}
sleep 1
}

status() {
pid=$(/usr/sbin/pidof ${process})
if [[ “$pid” != “” ]]; then
echo ${processName}’ is running…’
else
echo ${processName}’ is not running…’
fi
}

case $1 in
start|stop|status) “$1” ;;
esac

CTRL + X to exit and y and enter to save changes

Step 2: Create the gophish log directory

sudo mkdir /var/log/gophish

Step 3: Make the gophish script file executable

sudo chmod +x /etc/init.d/gophish

Step 4: Add the gophish service to update-rc.d to ensure its starts everytime your server starts.

You may get a warning that states ‘insserv: warning: script ‘gophish’ missing LSB tags and overrides’. You can ignore this.

sudo update-rc.d gophish defaults

Step 5: Start the gophish service and test GoPhish

sudo service gophish start
Open a browser and navigate to https://<IP of GoPhish Server>:3333

Configuring the GoPhish listener to server requests over SSL

Now we can install the SSL cert for the domain you will be using for your phishing campaign. I tried OpenSSL but have found LetsEncrypt works best so I followed the steps found in N00PY’s blog post.

Step 1: Download CertBot-Auto

sudo wget https://dl.eff.org/certbot-auto

Step 2: Make certbot-auto executable

sudo chmod a+x certbot-auto

Step 3: Run the certbot-auto script.

Once it has installed a few prerequisites, you will be prompted to accpet certain terms and conditions as well as provide the information needed for the certificate to be created. You will also be prompted to create a TXT record for the domain so ensure you have the necessary access and that you are ready to create the record when prompted to do so by the script.

sudo ./certbot-auto certonly -d <your domain> –manual –preferred-challenges dns

Step 4: Copy the key and cert files to the gophish directory

sudo cp /etc/letsencrypt/live/<your domain>/privkey.pem /opt/gophish/domain.key

sudo cp /etc/letsencrypt/live/<your domain>/fullchain.pem /opt/gophish/domain.crt

Step 5: Amend the configuration of config.json with your new certificate information.

Change the url port from 80 to 443, change use_tls from false to true, change cert_path from example.cert to domain.crt and key_path from exmaple.key to domain.key

sudo nano /opt/gophish/config.json

Once done CTRL + X to exit and y and enter to save changes

Step 6: Reboot for all settings to take effect

sudo reboot

Once your server restarts you should now have a working GoPhish server where GoPhish is running as a service and your target domain is being served via HTTPS.

The post GoPhish as a service over SSL on Ubuntu appeared first on Chris Lazari.

Article Link: https://chrislazari.com/gophish-service-ssl-ubuntu/